Results

The PIACERE solution provides:

A new-generation DevSecOps framework for infrastructural code (IaC) that supports the creation of such code and increases its quality, security, trustworthiness and evolvability, while ensuring business continuity through self-healing mechanisms that anticipate failures and violations and through self-learning from the conditions that triggered such re-adaptations.

IaC DevSec

Result: DevOps Modelling Language [DOML]

Creation of IaC models based on non-functional requirements (NFRs)

  • Definition of the topology and properties of the infrastructure
  • Abstraction from the specificities of the IaC language and protocol
  • Extensible

Result: Infrastructural Code Generator [ICG]

Automatic IaC generation based on the models

  • Most prominent target IaC environments and languages (e.g. Terraform, Ansible, TOSCA)
  • Code generation for provisioning and deployment orchestrators, configuration management environments, monitoring platforms and network APIs

Result: Verification Tool [VT]

Model and code verification

  • Verification of the models
  • Verification of the code's syntactic correctness, consistency and ability to fulfil specific non-functional properties
  • SAST and security inspector components

IaC design, development and verification

  • Integration of the IaC Sec Dev process

IaC SecOps

Result: Canary environment, IaC Optimized Platform

IaC simulation

  • Isolated execution and testing of Infrastructure as Code behavior
  • Identification of potential vulnerabilities and bottlenecks
  • Catalogue of services and infrastructural elements
  • Optimized combination of services and infrastructural elements

Result: IaC Execution Platform

Automatic IaC execution

  • Creation of the deployment plan
  • Interdependencies management
  • Distribution to the subsystems that perform the actual provisioning (e.g. creating virtual machines using proper IaaS connector, installing software packages or adjusting application configuration using Ansible)

Result: Runtime monitoring, self-learning and self-healing mechanisms

IaC intelligent monitoring

  • Execution logs
  • Runtime security verification
  • QoS assurance through self-learning and self-healing mechanisms

Automatic re-deployment and adaptation

  • Ensures that the infrastructural code always conforms to the SLAs committed with the end user, even if the environmental situation changes